Weird, I must have gotten a cached page this morning as I didn't even see this. 1843 was still showing as the most recent issue, so I figured you'd left it for me to open.
Assuming we don't loosen the restriction, though, there probably are ways we could beef up validation. The simplest one might be to specify where remote resources are allowed, not just what types. So the wording, for example, could be "Audio resources when referenced from the `audio` element" or "Video resources when referenced from the `video` element."

That would allow epubcheck to more easily flag any remote resource referenced where it's not allowed, as it wouldn't have to know anything about its media type. It would also limit potential abuse, as you can't load a random resource into an `audio` or `video` element like you can with an `iframe`. This might also help with our security review, as there's less damage a remote resource can do from audio/video elements and a css font declaration. (Not sure how much it does for scripts being able to read in remote resources, though.)

Originally posted by @mattgarrish in #1061 (comment)
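The context-based check proposed above, as an added example (not part of the original comment and not epubcheck's code): it flags remote references by the element that makes them, without looking at media types. The attribute table, function names and sample document are assumptions made for illustration, and CSS font declarations are out of scope here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XHTML = "{http://www.w3.org/1999/xhtml}"

# Assumed, illustrative table of attributes that load a resource.
# Hyperlinks (<a href>) navigate rather than load, so they are not listed.
RESOURCE_ATTRS = {
    "img": "src", "iframe": "src", "embed": "src", "script": "src",
    "object": "data", "link": "href", "audio": "src", "video": "src",
    "source": "src",
}
# Contexts in which the proposed wording would permit a remote resource.
MEDIA_ELEMENTS = {"audio", "video"}


def is_remote(url):
    """Treat any http(s) URL as a remote resource."""
    return urlsplit(url.strip()).scheme.lower() in ("http", "https")


def local(tag):
    """Strip the XHTML namespace from an ElementTree tag name."""
    return tag[len(XHTML):] if tag.startswith(XHTML) else tag


def find_disallowed_remote_refs(xhtml):
    """Return (element, attribute, url) for remote loads outside audio/video."""
    root = ET.fromstring(xhtml)
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    for el in root.iter():
        name = local(el.tag)
        attr = RESOURCE_ATTRS.get(name)
        url = el.get(attr) if attr else None
        if not url or not is_remote(url):
            continue
        if name in MEDIA_ELEMENTS:
            continue
        # <source> takes its context from the enclosing media element.
        if name == "source" and el in parent and local(parent[el].tag) in MEDIA_ELEMENTS:
            continue
        findings.append((name, attr, url))
    return findings


# Constructed sample content document.
SAMPLE = """<html xmlns="http://www.w3.org/1999/xhtml"><body>
<audio src="https://media.example.com/ch1.mp3"/>
<video><source src="https://media.example.com/ch1.mp4"/></video>
<iframe src="https://media.example.com/ch1.mp4"/>
<img src="images/cover.png"/>
<a href="https://example.com/">link</a>
</body></html>"""

if __name__ == "__main__":
    for finding in find_disallowed_remote_refs(SAMPLE):
        print("remote resource not allowed here:", finding)
```

The same remote MP4 passes when referenced from `video` and is flagged when referenced from `iframe`, which is the distinction the comment is after.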